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In the claims: 

1. (Currently Amended) Computer device configured as a pattern recognition 
apparatus for automatically discovering groups of resources that are assigned in common 
to groups of users, the users, and resources, and current assignm e nts being input as nod e s 
in respective partitions with current assignments , the apparatus comprising: 

a processor, 

an input for receiving an arrangement of nodes and resources , said arrangement 
comprising at least two of said p artitions , one partition comprising said nodes and one 
partition comprising said resources, of said nod e s and^wrth-predetermined relationships 
between said n odes across said partitions and said resources , and 

a pattern recognition and node-grouping unit associated with said inpu t and 
operable via said processor , configured for automatically finding r e lationship p attems 
v^thin said predetermined relationships amongst between said nodes and said resources , 
said finding comprising using pattern recognition on said nodes , said resources and said 
predetermined relationships, and by said pattern recognition to form at least one group 
from said nodes of a first of said partitions such that nodes having common relationship 
patterns are placed into a same one of said at least one group , v/h e r e in said nodes b e ing 
formed into said group shoro said common relationship patterns comprising mutually 
shared relationships with a pr e det e rmin e d common numb e r set of nod e s in a s e cond 
partition said resources , said r e lationships comprising common acc e ss p e rmissions , and 

an output unit for outputting said nodes as said at l e ast on e form e d group of 
nodes sharing said relationship to said common set of resources . 

2. (Currently amended) The apparatus of claim 1, wherein said nodes in said 
first partition are users of a network, said nodes in said second partition are resources of 
said network and said relationships are access permissions. 

3. (Currently Amended) The apparatus of claim 1, wherein said nodes in said 
first partition are users of a network, said nodes in said second portition r esources are 
resources of said network and said relationships are usage levels of respective resources 
by respective users. 
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4. (Original) The apparatus of claim 2, wherein said relationships further 
comprise user access permission levels for respective resources. 

5. (Original) The apparatus of claim 2, wherein said at least one group is 
definitive of a user role on said network. 

6. (Currently Amended) The apparatus of claim 1 , wherein said nodes in said 
first partition are entities having attributes and said nod e s in said s e cond partition 
represent said attribut e s , and said relationships represent a respective user possessing a 
respective attribute 

7. (Original) The apparatus of claim 2, wherein said pattern recognition unit 
is associated with a search engine operable to use a search tree to begin with a single 
resource and its associated users, and iteratively to add resources and remove users not 
having a predefined relationship with said iteratively added resources, to meet a resource 
number, or a user number constraint. 

8. (Original) The app£iratus of claim 7, wherein said search engine is 
operable to use a homogeneity measure to determine whether to consider a candidate 
grouping in said search. 

9. (Original) The apparatus of claim 7, wherein said search engine is 
operable to use a homogeneity measure to determine in which order to consider a 
candidate grouping in said search. 

10. (Original) The apparatus of claim 7, wherein said search engine is 
operable within said iterative stages to add further resources common to a current set of 
users. 
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11. (Original) The apparatus of claim 10, wherein said search engine is 
operable to compute a set of all users related to a current set of resources. 

12. (Original) The apparatus of claim 11, wherein said search engine is 
operable to consider for expansion all resources outside said current set of resources that 
have at least one relationship connection with a current set of users. 

13. (Original) The apparatus of claim 8, wherein the set of users associated 
with each of said nodes is associated with attributes, and wherein said homogeneity 
measure is the percentage of occurrence of a given attribute, multiplied by the log value 
thereof, summed over all such users in said result. 

14. (Original) The apparatus of claim 8, wherein the set of resources 
associated with each of said nodes is associated with attributes, and wherein said 
homogeneity measure is the percentage of occurrence of a given attribute, muhiplied by 
the log value thereof, summed over all such resources in said result. 

15. (Original) The apparatus of claim 8, wherein said homogeneity measure is 
the percentage of occurrence of a given resource relationship for any of the users 
associated with at least one of the resources of said node, multiplied by the log value 
thereof, summed over all users of said node in said result. 

16. (Original) The apparatus of claim 8, wherein said homogeneity measure is 
the percentage of occurrence of a given user relationship for any of the resources 
associated with at least one of the users of said node, multiplied by the log value thereof, 
summed over all resources of said node in said result. 

17. (Original) The apparatus of claim 1, wherein said pattern recognition unit 
is operable to use said pattern recognition within an iterative tree searching process. 
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18. (Original) The apparatus of claim 1, wherein said pattern recognition unit 
is operable to insert said groupings as an intermediate partition amongst said nodes, 
thereby to redefine said relationships through said groupings. 

19. (Currently Amended) The apparatus of claim 1, wherein said nodes and 
said resources are arranged into three partitions, an intermediate one of said partitions 
comprising predetermined relationship dependent groupings of at least some of the nodes 
in a first of said partitions, said pattern recognition unit being operable to use said pattern 
recognition to add new groups to said intermediate partition. 

20. (Currently Amended) The apparatus of claim 1, wherein said input is 
associated with a graphical expositor, which pres e nts confipured to present isaid input in a 
graph, said graphical expositor being operable to form said nodes and said resources into 
said partitions. 

21. (Original) The apparatus of claim 20, wherein the graphical expositor is 
user interactive to manually modify the groupings discovered by the pattern recognition 
engine. 

22. (Original) The apparatus of claim 20, wherein said graphical expositor is 
further operable to partition the graph into sub-graphs, each of the sub-graphs itself being 
a partitioned graph having at least two partitions, the sub-graphs being limited to a subset 
of the nodes in one of the partitions, and further comprising all the nodes in the other 
partition that are linked thereto, and wherein said pattern recognition unit is further 
operable to perform groupings on each of the subgraphs, and then to merge the results 
into a full graph. 

23. (Original) The apparatus of claim 20, wherein said graphical expositor is 
further operable to partition the graph into sub-graphs, each of the sub-graphs itself being 
a bi-partite graph limited to a subset of the nodes in the second partition, and further 
comprising all the nodes in the first partition that are linked thereto, and wherein said 
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pattern recognition unit is further operable to perform groupings on each of the 
subgraphs, and then to merge the resuhs into a full graph. 

24. (Original) The apparatus of claim 20, wherein said graphical expositor, is 
user interactive to allow an operator to review user group associations and user resource 
relations, and to allow said operator to manipulate user access rights. 

25. (Currently Amended) Pattern recognition method for electronically 
grouping nodes according to relationships with other nod e s resources , the method 
comprising: 

receiving an £irrangement of nodes and resources, said arrang e m e nt comprising at 
l e ast two partitions o f said resources being partitioned from said nodes and with 
predetermined relationships between nodes across said partitions resourccs and said 
nodes , and 

automatically finding relationship patterns amongst said nod e s across said 
partitioning using pattern recognition on said nodes , said resources and said relationships, 

ther e by to form using said found patterns, forming at least one grouping of nodes 
of a first of said partitions , wherein said nodes being formed into said grouping share 
relationships with s^ae -common o nes of a predetermined number of nod e s in a s e cond 
partitio n said resources, and 

outputting said nod e s as said at l e ast on e form e d gro up grouping of nodes having 
common patterns of relationships . 

26. (Currently Amended) A reverse engineering device for discovering 
structure in a partitioned nodal arrangement of nodes and resources , the device 
comprising: 

a processor, 

an input configured for receiving an arrangement of nodes and resources , said 
arrangement comprising at least two partition s, said partitions being of said nodes and 
said resources respectively, and with predetermined relationships between said n odes and 
said resources across said partitions, and 
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a pattern recognition unit configured to work with said processor, for 
automatically finding relationship patterns among s t said nodes using pattern recognition 
on said nodes , said resources and said predetermined relationships, 

a node-grouping unit associated with said pattern recognition unit and configured 
to operate with said processor th e r e by to use said relationship patterns to form at least on e 
groups from said nodes of a first of said partitions , wh e r e in said such that those nodes that 
share similar patterns of relationships b e ing form e d into said group shar e relationships 
with sam e ones of a pr e d e t e rmin e d numb e r of w ith nod e s in a second partition said 
resources are placed in a group together , and 

an output configured to output said nodes as said at l e ast one form e d group^ 
nodes having said similar pattem of relationships . 

27. (New) Computer device comprising: 
a processor 

a first series of user definitions, each user in said definitions defined as a user 

node; 

a second series of resource definitions, each resource in said definitions defined as 
a resource node; 

access data indicating access of users to respective resources; and 

a pattem recognition unit operable with said processor for automatically 

discovering pre-existing patterns in said access data, said patterns indicative of a group of 

resources that are assigned in common to a group of users, and 

a group definition unit operable with said processor and said pattem recognition 

unit for using each discovered pre-existing pattem to output a group of users having 

access to common resources. 



